Implementing an Application Security Policy: Nine Key Questions

This is really the crux of the issue: Developers outnumber security professionals, yet we insist on differentiating ourselves with a “security culture” instead of getting to understand the developers’ culture. We may exclude the biggest ally we could possibly have by putting testing at the end, in tools or services that are outside of their normal environments, in a punitive exercise that is often duct-taped and baling-wired in place. We then wonder why we fail as a cost center, when a profit center fights back using the business unit against us. Not everyone can be a security expert… Everyone can test for security defects.

There has been a lot of news lately about high-profile attacks on Web applications. Attackers employ tactics like cross-site scripting (XSS) and SQL injection, which have been around for more than 20 years. Yet both are more prevalent attack vectors now than ever before, which makes it that much more important for organizations to have a formalized application security policy for their developer teams.

John Jacott, security evangelist for Coverity, which offers a development testing platform, offers insight into nine important questions that should be central to implementing an application security policy in any organization.
